Bug 1706104

Summary: openssl asn1parse crashes with double free or corruption (!prev)
Product: Red Hat Enterprise Linux 8
Reporter: Ivan Nikolchev <inikolch>
Component: openssl
Assignee: Tomas Mraz <tmraz>
Status: CLOSED ERRATA
QA Contact: bsmejkal
Severity: low
Priority: low
Version: 8.0
CC: bsmejkal, hkario, szidek
Target Milestone: rc
Keywords: Triaged
Target Release: 8.0
Hardware: Unspecified
OS: Unspecified
Fixed In Version: openssl-1.1.1b-3.el8
Last Closed: 2019-11-05 22:40:19 UTC
Type: Bug
Bug Depends On: 1643026

Description Ivan Nikolchev 2019-05-03 14:39:22 UTC
Description of problem:
When you try to parse the output from openssl pkcs12 with openssl asn1parse it crashes with "double free or corruption (!prev)"

Version-Release number of selected component (if applicable):
openssl-1.1.1-8.el8.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Create certificate
* openssl req -x509 -newkey rsa -keyout key.pem -out cert.pem -nodes -subj '/CN=localhost'

2. Create pkcs12 file
* openssl pkcs12 -export -out outfile.p12 -inkey key.pem -in cert.pem

3. Parse that output file with openssl pkcs12
* openssl pkcs12 -in outfile.p12 -nodes -nocerts > newfile

4. Find the offset you want to parse and parse it with openssl asn1parse
* openssl asn1parse -in newfile -inform PEM -strictpem -strparse 22

Actual results:
# openssl asn1parse -in newfile -inform PEM -strictpem -strparse 22
    0:d=0  hl=4 l=1187 cons: SEQUENCE          
    4:d=1  hl=2 l=   1 prim: INTEGER           :00
    7:d=1  hl=4 l= 257 prim: INTEGER           :B955CDA088C47B504990181E18BAAB8954356F37A301F6FE34346923D02673327A806FFF47A6FF6325AB64D2A200E51F893DAC599C5132350D696D38747388883D7276DBB62175F1E3210B5F5D8C9100CDD79E95310CC1951822D2F4AAE92F9F86619AF3918C03E75A48BEB0989F50B8A18986EAC14B2703FC3B1CC800274C738AA2666417A468D1FD3B0187D04F3B688402161BA5D8A381F88F88DB6A25FEE8C30130B8696C0904BCB122A2C359F39DA3AA8C86EF922F0438FE3052BCB5A934051B30B009195513C4E85DBCEFD05231B9AEA50FC1D4877F1F5181FFE62D2BFC4806F69E426A79E5C81730D52867C5CE8F761E54C3A303D0DCA641466B52A635
  268:d=1  hl=2 l=   3 prim: INTEGER           :010001
  273:d=1  hl=4 l= 256 prim: INTEGER           :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
  533:d=1  hl=3 l= 129 prim: INTEGER           :E2B3C46D53AAE5141AF34669AD6714FBFBF6751D2EB3BDC6B0F44D437C83BD8C07BF4F58E998A113C6870E830EF0D8C3B980A4B722CEAF7D3F6D08B03FEEC11A3F8AE32BB3C1447C12479B8F4527E33B19A60198BBF412BE46C33C8E038453E4647968F8C19E3BB021A118F5B78D3D0E3530DC0F42BB7A4E8F6567A8D1E97E9D
  665:d=1  hl=3 l= 129 prim: INTEGER           :D149720DCAE82ABBEFF6809CA44A77A4321F54FB982B633A41555ADEF462A12B1D6E88A5EA7B2DBFF06B68BB33C1912891798F41D98CFCD5FD67A3151B660C471413F531B6DFC53D79A59145FDBB4B52E052C8AA41557C679353910481E81D5828EF9ACF04548D4C4D83074207DE9228F91C3481DAC09D6BAF520D02668CA679
  797:d=1  hl=3 l= 128 prim: INTEGER           :27114FC27F6EADF79F0559971098F916CBBF1743A62EB77FAC330DB59999A26AA55324BB6FD62BBC1AB45F9DDA4F4B2BBFA619BCADB4ECAD2AE7015E4E4638E4EB1A6637BBCC8C9ECD0FA611349BC11F08368183EEB00B22DB52FDF68348A4A4716432E0DB8D07403D2B63FFC45804B3941B0D715BD0AF2D26AD150614D6A649
  928:d=1  hl=3 l= 129 prim: INTEGER           :9E354D38CBF871C59C82D57A945F8ECDDAEE008A28E033A4A81AE414C2DD8444597D6363393C60BB45FD8C3067D19DEFF2F8D7A8C9D260974B767ABBCBF87AB388A405A8CD3B9F98F74A87E54707BCCB2BB4A8E8BB76EA124A36D3DB7A70832E4FD3C14D5952A975D2EA88240C5ADE5686EA216F4074770C1E7E82431C4E9AD1
 1060:d=1  hl=3 l= 128 prim: INTEGER           :63F6C0C8A5564792C3A1DEA60D5F1CCC24080807ECDB7E9B8C7B5CFEC352413A5AC55700BA867F963D16642A85BC7A053F8C25765004162A71C26C2F51386C6D8AE8728F86D104D26E68B99A08B10F8D4CCA05885D5FA9B4D4B50A9F6D99BA0AB6AE7BE4DF3A0150BB38893DAB135EFE8C66FA339D53393CC046FC6F5A2083E4
double free or corruption (!prev)
Aborted (core dumped)

Expected results:
Program exits successfully.

Additional info:

When run with valgrind:

valgrind openssl asn1parse -in newfile -inform PEM -strictpem -strparse 22         
==20464== Memcheck, a memory error detector
==20464== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==20464== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==20464== Command: openssl asn1parse -in newfile -inform PEM -strictpem -strparse 22
==20464== 
==20464== Invalid free() / delete / delete[] / realloc()
==20464==    at 0x4C3208C: free (vg_replace_malloc.c:540)
==20464==    by 0x5167B5C: ??? (in /usr/lib64/libcrypto.so.1.1.1)
==20464==    by 0x5171B9E: ??? (in /usr/lib64/libcrypto.so.1.1.1)
==20464==    by 0x5171B36: ??? (in /usr/lib64/libcrypto.so.1.1.1)
==20464==    by 0x5171F28: ASN1_item_free (in /usr/lib64/libcrypto.so.1.1.1)
==20464==    by 0x13FE27: ??? (in /usr/bin/openssl)
==20464==    by 0x156063: ??? (in /usr/bin/openssl)
==20464==    by 0x13FB39: ??? (in /usr/bin/openssl)
==20464==    by 0x5C06812: (below main) (in /usr/lib64/libc-2.28.so)
==20464==  Address 0x60179d0 is 0 bytes inside a block of size 1,192 free'd
==20464==    at 0x4C3208C: free (vg_replace_malloc.c:540)
==20464==    by 0x14021D: ??? (in /usr/bin/openssl)
==20464==    by 0x156063: ??? (in /usr/bin/openssl)
==20464==    by 0x13FB39: ??? (in /usr/bin/openssl)
==20464==    by 0x5C06812: (below main) (in /usr/lib64/libc-2.28.so)
==20464==  Block was alloc'd at
==20464==    at 0x4C30E8B: malloc (vg_replace_malloc.c:309)
==20464==    by 0x51679B9: ASN1_STRING_set (in /usr/lib64/libcrypto.so.1.1.1)
==20464==    by 0x516F7AF: ??? (in /usr/lib64/libcrypto.so.1.1.1)
==20464==    by 0x51702AB: ??? (in /usr/lib64/libcrypto.so.1.1.1)
==20464==    by 0x5170AC0: ASN1_item_ex_d2i (in /usr/lib64/libcrypto.so.1.1.1)
==20464==    by 0x5170B3E: ASN1_item_d2i (in /usr/lib64/libcrypto.so.1.1.1)
==20464==    by 0x13FF99: ??? (in /usr/bin/openssl)
==20464==    by 0x156063: ??? (in /usr/bin/openssl)
==20464==    by 0x13FB39: ??? (in /usr/bin/openssl)
==20464==    by 0x5C06812: (below main) (in /usr/lib64/libc-2.28.so)
==20464== 
==20464== 
==20464== HEAP SUMMARY:
==20464==     in use at exit: 1,217 bytes in 1 blocks
==20464==   total heap usage: 4,099 allocs, 4,099 frees, 173,726 bytes allocated
==20464== 
==20464== LEAK SUMMARY:
==20464==    definitely lost: 1,217 bytes in 1 blocks
==20464==    indirectly lost: 0 bytes in 0 blocks
==20464==      possibly lost: 0 bytes in 0 blocks
==20464==    still reachable: 0 bytes in 0 blocks
==20464==         suppressed: 0 bytes in 0 blocks
==20464== Rerun with --leak-check=full to see details of leaked memory
==20464== 
==20464== For counts of detected and suppressed errors, rerun with: -v
==20464== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)



I tested it with upstream OpenSSL_1_1_1-stable branch and it looks like it is fixed there.

Comment 4 bsmejkal 2019-06-25 07:52:47 UTC
Reproducing bug:

Build tested:
openssl-1.1.1-8.el8.x86_64

Steps:
1) # openssl req -x509 -newkey rsa -keyout key.pem -out cert.pem -nodes -subj '/CN=localhost'
Generating a RSA private key
.+++++
............................................+++++
writing new private key to 'key.pem'
-----

2) # openssl pkcs12 -export -out outfile.p12 -inkey key.pem -in cert.pem
Enter Export Password:
Verifying - Enter Export Password:

3) # openssl pkcs12 -in outfile.p12 -nodes -nocerts > newfile
Enter Import Password:

4) # openssl asn1parse -in newfile -inform PEM -strictpem -strparse 22
    0:d=0  hl=4 l=1187 cons: SEQUENCE          
    4:d=1  hl=2 l=   1 prim: INTEGER           :00
    7:d=1  hl=4 l= 257 prim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
  268:d=1  hl=2 l=   3 prim: INTEGER           :010001
  273:d=1  hl=4 l= 256 prim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
  533:d=1  hl=3 l= 129 prim: INTEGER           :E39D049E8F89BD4DE0DC1F5545E13157D938B3EA5F14104152F1925FDF740903468802B8DD741CF6687DF270245F14389BFD056FCA133365CC73573A5DCF94CF3A3399404B672117188699FEB0D80D2BE89E78D3BF71644B578A1804C425B2835006B9A92B2B554602BEC2B11F4857F96EDD3A1A6B8908A5DD8BEADFCA6ED76D
  665:d=1  hl=3 l= 129 prim: INTEGER           :D811AA28C83ED0ACD44EF6569947DD68161C0C3D7B8F0B776F066D67A02E3C5458866481200F8D1A36827ACCCED5CF858CFF1E94A9B0CA246F373EDEE50F2473D20CDAEB531D15885B23B7B56B8F0269928EE53F9A56617F9875C79AF328B4CCE5EBDC5671DD3C3D5A287CEE79C3F18F5C8FBA3293B25745BB72AECFE61545DB
  797:d=1  hl=3 l= 129 prim: INTEGER           :C5924B2B335F15621F58131E9ACCB15F16DFC0542579ADEE7607D8CDBD91E42CE2B136E3AEDE9631515C59EFFBB24844272AC6E85558BB5996D15B9AFF492B5B81A2BE58EFDAB1FF713B8D3A65D8F3FDF42A72A922D9537C8E9D00E24A3C8AAAAEF157813F469AFB6D709660D6CD9E0796B3133751B69E3A1387DB35AC6AF035
  929:d=1  hl=3 l= 128 prim: INTEGER           :39510E4B7D3B348DF44FF206ECE864725D1319A821A3C38DEE34CD46E4F5FEE8FD06C1988351BCC38C5C368928010DE8C68B52A86B0F4BC038847638189958B924AA6654709AD1807774D521DA2378A75ACA6F43DD04371EEAE9AB868E246939C57038E5F194978B4AE45CA7C243594C0768D522DF8D3A9B73EB2B365939A16B
 1060:d=1  hl=3 l= 128 prim: INTEGER           :4D6D32CF0820432A7B030FE32E6F1EBE0225DB8BF25CBAF94BEFE8DF1CB7F1E0E984A0141F9EAE67F8F34D068888D87287679C5EDA5E134B9EE27735EB741D41F23B469B893797BFDB51DDBA824433DEC5007B3CBC002A2E7B8825549D87FA798FBBD23F0C6EC234B20A202DF709C6DD4D7ECFF58C31C2236CB991FF7EE4ADB1
double free or corruption (!prev)
Aborted (core dumped)

5) Checking with valgrind

# valgrind openssl asn1parse -in newfile -inform PEM -strictpem -strparse 22

==6483== Memcheck, a memory error detector
==6483== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==6483== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==6483== Command: openssl asn1parse -in newfile -inform PEM -strictpem -strparse 22
==6483== 
==6483== Invalid free() / delete / delete[] / realloc()
==6483==    at 0x4C3208C: free (vg_replace_malloc.c:540)
==6483==    by 0x5167B5C: ??? (in /usr/lib64/libcrypto.so.1.1.1)
==6483==    by 0x5171B9E: ??? (in /usr/lib64/libcrypto.so.1.1.1)
==6483==    by 0x5171B36: ??? (in /usr/lib64/libcrypto.so.1.1.1)
==6483==    by 0x5171F28: ASN1_item_free (in /usr/lib64/libcrypto.so.1.1.1)
==6483==    by 0x13FE27: ??? (in /usr/bin/openssl)
==6483==    by 0x156063: ??? (in /usr/bin/openssl)
==6483==    by 0x13FB39: ??? (in /usr/bin/openssl)
==6483==    by 0x5C06812: (below main) (in /usr/lib64/libc-2.28.so)
==6483==  Address 0x60169d0 is 0 bytes inside a block of size 1,192 free'd
==6483==    at 0x4C3208C: free (vg_replace_malloc.c:540)
==6483==    by 0x14021D: ??? (in /usr/bin/openssl)
==6483==    by 0x156063: ??? (in /usr/bin/openssl)
==6483==    by 0x13FB39: ??? (in /usr/bin/openssl)
==6483==    by 0x5C06812: (below main) (in /usr/lib64/libc-2.28.so)
==6483==  Block was alloc'd at
==6483==    at 0x4C30E8B: malloc (vg_replace_malloc.c:309)
==6483==    by 0x51679B9: ASN1_STRING_set (in /usr/lib64/libcrypto.so.1.1.1)
==6483==    by 0x516F7AF: ??? (in /usr/lib64/libcrypto.so.1.1.1)
==6483==    by 0x51702AB: ??? (in /usr/lib64/libcrypto.so.1.1.1)
==6483==    by 0x5170AC0: ASN1_item_ex_d2i (in /usr/lib64/libcrypto.so.1.1.1)
==6483==    by 0x5170B3E: ASN1_item_d2i (in /usr/lib64/libcrypto.so.1.1.1)
==6483==    by 0x13FF99: ??? (in /usr/bin/openssl)
==6483==    by 0x156063: ??? (in /usr/bin/openssl)
==6483==    by 0x13FB39: ??? (in /usr/bin/openssl)
==6483==    by 0x5C06812: (below main) (in /usr/lib64/libc-2.28.so)
==6483== 
==6483== 
==6483== HEAP SUMMARY:
==6483==     in use at exit: 1,217 bytes in 1 blocks
==6483==   total heap usage: 4,099 allocs, 4,099 frees, 173,726 bytes allocated
==6483== 
==6483== LEAK SUMMARY:
==6483==    definitely lost: 1,217 bytes in 1 blocks
==6483==    indirectly lost: 0 bytes in 0 blocks
==6483==      possibly lost: 0 bytes in 0 blocks
==6483==    still reachable: 0 bytes in 0 blocks
==6483==         suppressed: 0 bytes in 0 blocks
==6483== Rerun with --leak-check=full to see details of leaked memory
==6483== 
==6483== For counts of detected and suppressed errors, rerun with: -v
==6483== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)



Verify on new version:

Build tested:
openssl-1.1.1c-1.el8.x86_64

Distro:
redhat-release-8.1-3.0.el8.x86_64

Steps:
1) # openssl req -x509 -newkey rsa -keyout key.pem -out cert.pem -nodes -subj '/CN=localhost'
Generating a RSA private key
...............................................................................+++++
......................+++++
writing new private key to 'key.pem'
-----

2) # openssl pkcs12 -export -out outfile.p12 -inkey key.pem -in cert.pem
Enter Export Password:
Verifying - Enter Export Password:

3) # openssl pkcs12 -in outfile.p12 -nodes -nocerts > newfile
Enter Import Password:

4) # openssl asn1parse -in newfile -inform PEM -strictpem -strparse 22
    0:d=0  hl=4 l=1188 cons: SEQUENCE          
    4:d=1  hl=2 l=   1 prim: INTEGER           :00
    7:d=1  hl=4 l= 257 prim: INTEGER           :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
  268:d=1  hl=2 l=   3 prim: INTEGER           :010001
  273:d=1  hl=4 l= 256 prim: INTEGER           :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
  533:d=1  hl=3 l= 129 prim: INTEGER           :FD1A74704E81F2F43C8C4F5CD31177A4977C5DB7A04B1E71DFC9380BE75A1E7C10308EAAA08D87B8042B43876EF3E07C8741AA2BB9590D650AC4FD8CAE571A7098F40B111160EE53DB16B24962E95E8B1A06A7A14069EFDDB1067272887B7E06CFA81174BEBCAD28A95CC8D55476DBE71EEC4FF609D7D7AE4D28E55B526B7987
  665:d=1  hl=3 l= 129 prim: INTEGER           :CA091FF70848179793B020B74C042935AE9B3B963668A06343C3CBFAD6264352ABD8B1C74ECDDB3481FDA5D020FAA659A852A62178A8D0B1C3A4BBE2D5FB629749ADCEF2630933DFF2CEA90037FBA2E81AC00821155D54C6FFED208F8B7E32893CA3F9DAE0D8BACCA9DB570050094FF5B246029CA93C2F9152A3BE6A30F03D05
  797:d=1  hl=3 l= 129 prim: INTEGER           :BA4A777B95FD45C288B24953AC330619CA3A0A8CB659B3FDE2D62AFF6FF83FC9D6ECB6855608F5E4F684957EA0A6B60B524E7D9F131C3DA4AA4995C9AF24835C6EE7E92155E63F64CF342463A97ED54C930A64E56610D3311C33FF96D767F5B9B3AC23B50712BE6CD84367BAC5217AF7E125D430E6CBCC7F0961D976DEF2260F
  929:d=1  hl=3 l= 129 prim: INTEGER           :9A733159939E3152F257A21B1E64CBF03B0477201586149EEE2E1FA129D7647E2DDB61C5212C645896CB86D83E6DFF7FE91B0DDFE6B2FF9FF615D880C7DEFEF6F31F896669699E9BA4AE722A35A20C5EEE1C41DAB0CF81C103E38E91CE2CF28B51AD7593EB722413D402575768D845A569DCF5A0380C47BD0BF51BDB68802FD5
 1061:d=1  hl=3 l= 128 prim: INTEGER           :263F65564D8AEE9719CD74467C3161400925ED7395D4FB6E0DBDEA3CB85F48D0A948758473275DCA32E5310715AD4B9016728CA7309EA3EB641FC4D6CF70D6BB3437F333480F658DB8431B4234F904083BFDDA3EA094A81124A4C1CF593AEB711BC52E88C5F1461143CA47FF70F1CB9349E108A5749BF2A321F1E470D30DEB96

5) Checking with valgrind
# valgrind openssl asn1parse -in newfile -inform PEM -strictpem -strparse 22

==5059== Memcheck, a memory error detector
==5059== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==5059== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==5059== Command: openssl asn1parse -in newfile -inform PEM -strictpem -strparse 22
==5059== 
==5059== 
==5059== HEAP SUMMARY:
==5059==     in use at exit: 0 bytes in 0 blocks
==5059==   total heap usage: 4,136 allocs, 4,136 frees, 174,699 bytes allocated
==5059== 
==5059== All heap blocks were freed -- no leaks are possible
==5059== 
==5059== For lists of detected and suppressed errors, rerun with: -s
==5059== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)



Bug is fixed, marking as Verified SanityOnly.

Comment 5 Alicja Kario 2019-07-09 13:06:52 UTC
In general, we create automated test cases in beaker and link them to TCMS test plan.

Will you do that?

Comment 6 bsmejkal 2019-07-09 14:27:42 UTC
Hi,
I verified it manually and then found out you want everything automated, if it's possible. 
I have the test ready, will update links ASAP.
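
The four reproduction steps from this report, made non-interactive so they can run as a regression check (an added example, not part of the bug report and not the Beaker test mentioned above). The `-passout`/`-passin` password `test`, the function names and the `skipped` verdict when openssl is unavailable are assumptions of this example.

```shell
#!/bin/sh
# Added example: non-interactive form of the reproduction steps in this bug.
# The password "test" and all function names are assumptions of this example.

# Map an exit status to a verdict. glibc's "double free or corruption"
# abort kills the process with SIGABRT, which the shell reports as
# 128 + 6 = 134; any status above 128 means the process died from a signal.
verdict_for_status() {
    if [ "$1" -eq 0 ]; then echo pass
    elif [ "$1" -gt 128 ]; then echo crash
    else echo error
    fi
}

# Prints one of: pass, crash, error, skipped.
asn1parse_strparse_check() {
    command -v openssl >/dev/null 2>&1 || { echo skipped; return 0; }
    work=$(mktemp -d) || { echo skipped; return 0; }
    (
        cd "$work" || exit 99
        # Steps 1-3: certificate, PKCS#12 export, private key extraction.
        # Exit 99 marks a setup failure, as opposed to a parser failure.
        openssl req -x509 -newkey rsa -keyout key.pem -out cert.pem \
            -nodes -subj '/CN=localhost' >/dev/null 2>&1 &&
        openssl pkcs12 -export -out outfile.p12 -inkey key.pem \
            -in cert.pem -passout pass:test >/dev/null 2>&1 &&
        openssl pkcs12 -in outfile.p12 -nodes -nocerts \
            -passin pass:test >newfile 2>/dev/null || exit 99
        # Step 4: the command that aborted on openssl-1.1.1-8.el8.
        openssl asn1parse -in newfile -inform PEM -strictpem \
            -strparse 22 >/dev/null 2>&1
    ) </dev/null && status=0 || status=$?
    rm -rf "$work"
    if [ "$status" -eq 99 ]; then
        echo skipped
    else
        verdict_for_status "$status"
    fi
}

echo "asn1parse -strictpem -strparse check: $(asn1parse_strparse_check)"
```

A `crash` verdict corresponds to the "Aborted (core dumped)" result shown in the report; running step 4 under valgrind, as in the comments above, additionally confirms that the error summary reports 0 errors.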

Comment 10 errata-xmlrpc 2019-11-05 22:40:19 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:3700